This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

O-Saft

From OWASP
Revision as of 00:03, 9 January 2013 by Achim (talk | contribs) (typo)

Jump to: navigation, search

O-Saft is an easy to use tool to show informations about SSL connections and the provided SSL certificates.

It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experianced people.

Project About


Template:Outdated page, please see: O-Saft


OWASP Defenders logo.png This project is part of the OWASP Defenders community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.


PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
Purpose: This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
O-Saft 
The main idea is to have a tool which works on common platforms and can simply be automated.
In a Nutshell
  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own libssl.so and libcrypt.so
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways ;-)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems
Installation
* Download and unpack o-saft.tgz
* Ensure that following perl modules (and their dependencies) are installed
      IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
* Start: o-saft --help
License: GPL v2
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Achim @ to contribute to this project
  • Contact Achim @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases
current release
O-Saft 14.1.4 - 01/2014 - (download)

Release Leader: Achim @

Release details: N/A :

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0


Retrieved from "https://wiki.owasp.org/index.php?title=O-Saft&oldid=142035"